I've always been a strong proponent of using encryption, and when I initially set up my NAS, I encrypted everything. However, my experience with the way Synology implements encryption for shared folders has left me disappointed with the experience. The purpose of this post is to share my experiences, and explain why I've reluctantly decided to remove encryption from some of my content.

Fast Clone Doesn't Work on Encrypted Folders

One of the major benefits of Btrfs is supposed to be support for fast clone, utilising the file system's support for Copy on Write. In theory, this means when copying a file, it's a near instantaneous process because it's just writing a small amount of file header information to the disk, without having to read and copy the actual file content.

But with encrypted shared folders, this process breaks because it has to read and encrypt a whole new copy of the file with its own independent encryption key. This is a big problem when dealing with large files, because it can take several minutes to make a copy of a file.

This limitation is, unfortunately, currently not documented in Synology's documentation for fast clone, and not mentioned as a limitation in the documentation for how to encrypt a shared folder. In fact, their support rep initially told me that fast clone should work on encrypted folders, before coming back later and confirming that it doesn't work. (Hopefully, they fix this documentation soon, as they said they would in the support ticket I filed about the issue).

Can't Browse Snapshots To Restore Individual Files

Another benefit of Btrfs is snapshots, which give the ability to restore files to earlier points in time. However, with encryption turned on, restoring a snapshot is an all or nothing process. The ability to browse a snapshot is disabled in encrypted folders, so you can't even check the content of a snapshot before restoring. This would necessarily also lose any data that has been changed since the snapshot was taken.

Without encryption, it supports the ability to browse and restore specific files as needed, which is much more useful.

With these two major limitations in mind, I've reluctantly decided to remove the encryption from some of my less sensitive content, where I would most benefit from the above features.